With Apple users and fans waiting for the roll-out of iOS 14.5 in the coming weeks, one of the marquee features of the update is Apple's new App Tracking Transparency framework. This is in line with Apple's communication to developers that the Identifier for Advertisers (IDFA) cannot be circumvented to identify and track end-users individually. Doing so can result in the app being banned from the store. For those unaware, the Identifier for Advertisers (IDFA) is a random device identifier assigned by Apple to a user's device. Advertisers use this to track data so they can deliver customized advertising.
This policy appears to have gone live in the past week as both new apps and updates to existing apps are being rejected if they contain any sort of device fingerprinting measures. The updates have resulted in the full complement of new privacy rules, which will need any app using the IDFA for targeted advertising to notify the user during download and obtain their consent.
This has resulted in widespread displeasure from the mobile marketing and advertising industry and has Apple anticipating the use of "device fingerprinting" measures by marketers as a functionally similar substitute. This is basically a way of logging a list of device characteristics which can be used to form a unique combination of the user; this might include IP addresses, browser name and version, lists of applications in phone, screen resolution, language settings and time zone etc.
Given this tricky situation for mobile advertisers, several large Chinese firms like ByteDance and Tencent are purportedly testing a solution that will allow them to continue tracking iPhone users irrespective of these new Privacy updates. This initiative is being led by the China Advertising Association (CAA), who have ByteDance, Tencent and 2,000 other firms as its members. They have developed an alternative to the IDFA known as CAID (China Anonymization ID).
Apple informed developers months ago that device fingerprinting would not be allowed henceforth as a substitute for IDFA tracking. The company did not make any major public announcements on this but quietly started rejecting apps that use "device fingerprinting" mechanisms. The iOS 14.5 updating that includes the App Tracking Transparency (ATT) framework may be released to worldwide users in May.
The CAA developed tool, CAID, will let marketing firms and companies continue tracking iPhone users and show them targeted ads without the users' consent, as is the case now. This is their attempt at creating an alternative to the Identifier for Advertisers (IDFA) random device identifier.
There is a lot of cynicism being expressed by experts around the world behind the emergence of CAID as it is well known that China is a strong surveillance state that monitors its citizens daily. We may not have forgotten the controversies surrounding Huawei and the fact that China is currently accused of supplying surveillance technology to Myanmar's generals.
The Backlash to Apple's new privacy framework
Soon after the announcement of the ATT by apple, various app publishers and marketing firms took to forums and social media channels to raise concerns of the same. Mobile applications teams of ridesharing app Heetch and publishing platform Radish came out publicly to reveal that their new application updates were rejected by Apple for violating new privacy directives. App developers whose apps had been rejected owing to the use of device fingerprinting mechanisms received the following message from Apple:
"Your app uses algorithmically converted device and usage data to create a unique identifier in order to track the user."
The below tweet shows an app update rejection for a Chinese app for collecting system information used to construct a persistent identifier. As of today, Apple is not differentiating or giving concessions to Chinese mobile applications.
Chinese firms are not the only one's betting for the success of CAID, but even some western firms are keenly engaging with the CAA. Popular firm P&G revealed to The Wall Street Journal that it's been providing input to the state-backed China Advertising Association, which is behind CAID, and declined to say whether it plans to use the identifier when it's ready.
P&G is not the only western firm in this alliance, but even the Chinese branches of Nielsen, Deloitte and PricewaterhouseCoopers (PwC) are all registered as "drafting organizations" in the official CAID documents.
The fact that top western companies are actively involved with the China Advertising Association in order to come out with an alternative design to bypass Apple's ATT means that this will be a full-blown war between Apple and the technology fraternity siding with China.
The latest application development guidelines released by ByteDance (TikTok's parent company) for app developers state that digital and mobile marketers can now "use CAID as a substitute if the user's IDFA is unavailable".
Meanwhile, Apple has warned Chinese tech firms and developers that they will be expected to comply with its new iOS14.5 privacy rules, including the ATT like in any other country or region.
"App Store terms and guidelines apply equally to all developers around the world. We believe strongly that users should be asked for their permission before being tracked. Apps that are found to disregard the user's choice will be rejected." the company said in a statement.
Chinese Advertising Association
Documents released by the CAA depict the China Anonymization ID (CAID) tool that is based on the device fingerprinting technique intended for use by China's biggest app publishers. It will be interesting to see how Apple will react to the possibility of these Chinese firms going ahead with implementing CAID to bypass Apple's privacy barriers. Chinese apps have basically formed a collective and have dared Apple to ban all of them at once. Who will bite the bullet first?
The CAID is a workaround that negates Apple's privacy-based rule changes, allowing advertisers to collect user and device information to create a unique identifier for the user's device without consent.
How CAID works?
The idea of CAID is to substitute the IDFAs (once IDFAs become non-existent owing to Apple's ATT) to continue the traditional measurement flows.
CAIDs are designed to be persistent. Unlike many other measurement techniques, the universally unique identifier (UUID) value created in the CAID mechanism can be stored and reused. It also has the space to provide mappings between CAIDs when the algorithm receives updates for better accuracy.
How is CAID generated?
Firstly, the CAID mechanism collects data parameters from the mobile device in focus. Secondly, the collected parameters are sent to an API endpoint. This data is serialized and encrypted before transmission. As of today, the API endpoints are owned and operated by the China Advertising Association (CAA), although this could change in future.
Thirdly, the API will return a CAID value which can be used in place of an IDFA for purposes such as attribution. This process is common for both the advertiser as well as the publisher apps.
There are numerous possibilities and implications that will come along with those depending on how this feud between Apple and CAA goes ahead. We could either see Apple successfully cracking down on CAA and CAID goes away. But this would mean that Apple will have to take on the entire Chinese tech ecosystem and the Chinese government themselves, considering the CAA is state-sponsored.
Another option is for Apple to abandon the whole ATT initiative in China alone owing to the success of CAID, but this would set a dangerous precedent for Apple as this will see similar workarounds around the globe and also push Apple on the backfoot when it comes to new privacy-related updates.
The final option is for Apple to totally do away with ATT globally. This will be a big setback to Apple users who may be disappointed with the withdrawal of Apple's privacy-centric approach. Right now, The ATT makes the IDFA opt-in, as users will have to explicitly say they want to be tracked by apps, which of course, given the option, many will not.
In all these years, mobile ads and associated models have never been clearly and explicitly explained to consumers and end-users. But the ATT may just change the game and give users control over apps that track them.
ATT is certainly a game-changer for privacy fans and campaigners- who have lobbied for the same all these years. This will also ensure Apple gets more revenue as ATT will prevent the generation of revenue by tracking user data, and hence developers and companies have to resort to choosing other revenue streams like in-app-purchases or subscriptions models, which are usually funnelled through the Apple app store with commissions going to Apple.
No doubt, this will impact the biggies as well as the smaller businesses that solely depend on user statistics and data. Ad-based businesses will take a hit, especially those that do not have huge datasets. Without the IDFA, many of these small publishers won't be able to charge as much for their ads because they lack specific information on their users, and hence brands won't want to pay as much for ads in these apps.
The CAID mechanisms can evade detection by Apple owing to the ability for it to be created on servers hosted by app developers rather than on the device itself. Hence, we must wait and see what Apple's next move will look like. China is Apple's second-biggest market sales of new iPhones there rose 57 per cent to $21.31bn in the last quarter.
Will Apple choose revenue over Privacy?